#!/usr/bin/env bash

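# Sample: build a private CA and CA-signed server/client keystores and
# truststores with keytool (file names suggest use with Kafka TLS).
#
# Passwords are passed to keytool through the environment
# (-storepass:env / -keypass:env) rather than as literal arguments, so the
# secret is not visible in the process list while keytool runs.
# "kafka2024" is only the sample default: export KAFKA_STORE_PASS with a real
# secret before generating anything that leaves a test machine.
#
# kafka.keystore.jks holds the CA private key. Keep it off brokers and
# clients; they only need ggs.cer (via their truststore/keystore).

# Abort on the first failing step so later commands never sign or import
# files left over from an earlier, partially failed run.
set -euo pipefail

: "${KAFKA_STORE_PASS:=kafka2024}"
export KAFKA_STORE_PASS

# --- Self-signed CA certificate: generate, export, list, print ---
# -validity is given explicitly because keytool's default is only 90 days.
# -ext bc:c adds a critical BasicConstraints extension (CA certificate).
keytool -genkeypair -keystore kafka.keystore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -validity 3650 -dname "CN=ca,C=cn" -ext bc:c -keyalg EC
keytool -exportcert -keystore kafka.keystore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -rfc -file ggs.cer
keytool -list -keystore kafka.keystore.jks -storepass:env KAFKA_STORE_PASS
keytool -printcert -file ggs.cer

# --- Server certificate ---
# 1. generate the key pair
# 2. create the certificate signing request
# 3. sign it with the CA
# 4. print the signed certificate
# 5. import the CA certificate into a new truststore
# 6. import the CA certificate into the keystore
# 7. import the signed server certificate into the keystore
#
# The signing step adds an IP subjectAltName: Java's TLS endpoint
# identification matches an IP address against subjectAltName entries only,
# so CN=127.0.0.1 alone does not pass hostname verification. Adjust the SAN
# (ip:/dns:) to the address clients actually connect to.
# keytool asks for confirmation when importing the self-signed CA (steps 5
# and 6); compare the fingerprint with the -printcert output of ggs.cer first.
keytool -genkeypair -keystore server.keystore.jks -storepass:env KAFKA_STORE_PASS -alias server -keypass:env KAFKA_STORE_PASS -validity 3650 -dname "CN=127.0.0.1,C=cn" -keyalg EC
keytool -certreq -keystore server.keystore.jks -storepass:env KAFKA_STORE_PASS -alias server -keypass:env KAFKA_STORE_PASS -file server.csr
keytool -gencert -keystore kafka.keystore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -keypass:env KAFKA_STORE_PASS -validity 3650 -ext san=ip:127.0.0.1 -infile server.csr -outfile server.cer
keytool -printcert -file server.cer
keytool -importcert -keystore server.truststore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -keypass:env KAFKA_STORE_PASS -file ggs.cer
keytool -importcert -keystore server.keystore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -keypass:env KAFKA_STORE_PASS -file ggs.cer
keytool -importcert -keystore server.keystore.jks -storepass:env KAFKA_STORE_PASS -alias server -keypass:env KAFKA_STORE_PASS -file server.cer

# --- Client certificate ---
# 1. generate the key pair
# 2. create the certificate signing request
# 3. sign it with the CA
# 4. print the signed certificate
# 5. import the CA certificate into a new truststore
# 6. import the CA certificate into the keystore
# 7. import the signed client certificate into the keystore
keytool -genkeypair -keystore client.keystore.jks -storepass:env KAFKA_STORE_PASS -alias client -keypass:env KAFKA_STORE_PASS -validity 3650 -dname "CN=client,C=cn" -keyalg EC
keytool -certreq -keystore client.keystore.jks -storepass:env KAFKA_STORE_PASS -alias client -keypass:env KAFKA_STORE_PASS -file client.csr
keytool -gencert -keystore kafka.keystore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -keypass:env KAFKA_STORE_PASS -validity 3650 -infile client.csr -outfile client.cer
keytool -printcert -file client.cer
keytool -importcert -keystore client.truststore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -keypass:env KAFKA_STORE_PASS -file ggs.cer
keytool -importcert -keystore client.keystore.jks -storepass:env KAFKA_STORE_PASS -alias ggs -keypass:env KAFKA_STORE_PASS -file ggs.cer
keytool -importcert -keystore client.keystore.jks -storepass:env KAFKA_STORE_PASS -alias client -keypass:env KAFKA_STORE_PASS -file client.cer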